Senior Security Engineer - Hinge Health
Hinge Health is moving people beyond pain by transforming the way it is treated and prevented. Connecting people digitally and in-person with expert clinical care, we combine advanced technology, AI and a care team of experts to guide people through personalized care directly from their phone. Our approach is proven to reduce pain by 68%, prevent 42% of new opioid prescriptions, and avoid more than half of joint replacement surgeries. Available to 18M people, Hinge Health is trusted by leading health plans and employers, including Land O’Lakes, L.L. Bean, Salesforce, Self-Insured Schools of California, Southern Company, State of New Jersey, US Foods, and Verizon.
Learn more at http://www.hingehealth.com
Here at Hinge Health, we welcome all applicants and know a diverse team makes us better and stronger. We look for individuals who embody our leadership principles and we value varied experiences and skill sets. Beyond specific work experience, we also look for unique capabilities and skill sets that are key indicators an applicant will thrive in our fast-paced, frequently evolving environment. If this sounds like the kind of place you’d like to be part of, please apply - we would love to hear from you!
Hinge Health Hybrid Model:
We believe that remote work and in-person work have their own advantages and disadvantages, and we want to be able to leverage the best of both worlds. Employees in hybrid roles are required to be in the office 2 days/week. We will be expanding to 3 days/week in the office beginning April of 2024.
About the Role
We’re looking for a detail oriented and technically proficient individual to join us in maturing the Product Security group within the Security team. This function is growing, and you will have an opportunity to help shape the group's direction and grow with it. Security Engineers work directly with our Product and Engineering teams to integrate security into the entire Software Development Life Cycle. This includes, working with Product Managers on the design of new or changing features that affect security controls, working with developers on secure methods to implement those features, and working with the infrastructure team to design and deploy a secure platform to run Hinge Health applications. They are expected to proactively identify, assess, advise and assist in the prioritization and remediation of source code security vulnerabilities. Security Engineers are expected to do so using multiple methods and tools including but not limited to manual penetration testing, outputs from automated security scanning tools including Software Composition Analysis, Static Application Security Testing, Dynamic Application Security Testing, and the findings from third-party application penetration tests. Security Engineers also work with the Security Operations and Infrastructure teams to deploy and maintain security tools within the Hinge Health environment and assist in the tuning of these tools. Security Engineers may also advise or implement the proper security controls on cloud platforms as required to meet security and compliance standards. Security Engineers will be part of the incident response team as subject matter experts as needed. They may also be called upon as subject matter experts to assist other teams with third party security assessment requests.
The ideal candidate will have experience securing, hardening, and identifying vulnerabilities in web applications, RESTful APIs, and mobile applications (iOS and Android) in a cloud hosted microservice environment. We are looking for an individual who can take a risk-based approach to prioritizing the various aspects of a successful product security program. They should be ready to independently jump in to ask questions and understand the environment and identify potential issues while balancing their findings based on risk and company priorities.
The ideal candidate will also have experience implementing and interpreting the results of automated security scans using SCA, SAST and DAST tools and in performing security assessments and penetration tests of web applications and API endpoints and mobile applications They will also have experience assessing the security of cloud(IaaS) infrastructure, ideally including interpreting automated static scans of Infrastructure as Code source.They should be enthusiastic about working to help improve all aspects of the Software Development Life Cycle and working with product managers to create a secure and delightful experience for Hinge Health customers.
Last updated: 21 hours ago
© 2021 - 2022